<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <title>SSO with ADFS, forms login with ADSF Proxy</title>
  <link rel="alternate" href="http://developer.cisco.com/c/message_boards/find_thread?p_l_id=&amp;threadId=5891171" />
  <subtitle>SSO with ADFS, forms login with ADSF Proxy</subtitle>
  <id>http://developer.cisco.com/c/message_boards/find_thread?p_l_id=&amp;threadId=5891171</id>
  <updated>2013-05-21T04:03:24Z</updated>
  <dc:date>2013-05-21T04:03:24Z</dc:date>
  <entry>
    <title>RE: SSO with ADFS, forms login with ADSF Proxy</title>
    <link rel="alternate" href="http://developer.cisco.com/c/message_boards/find_message?p_l_id=&amp;messageId=5898672" />
    <author>
      <name>Rahul Patel</name>
    </author>
    <id>http://developer.cisco.com/c/message_boards/find_message?p_l_id=&amp;messageId=5898672</id>
    <updated>2012-06-20T21:08:47Z</updated>
    <published>2012-06-20T21:06:16Z</published>
    <summary type="html">Hello Kingsley,

I replaced urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:Password with urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport and that did the trick.
 
OK, when I save this, it's cutting off the end... So, you might have given me the right info... but I needed the ProtectedTransport at the end.
 
Thank you for your help for getting this to work.

Rahul</summary>
    <dc:creator>Rahul Patel</dc:creator>
    <dc:date>2012-06-20T21:06:16Z</dc:date>
  </entry>
  <entry>
    <title>RE: SSO with ADFS, forms login with ADSF Proxy</title>
    <link rel="alternate" href="http://developer.cisco.com/c/message_boards/find_message?p_l_id=&amp;messageId=5898577" />
    <author>
      <name>Rahul Patel</name>
    </author>
    <id>http://developer.cisco.com/c/message_boards/find_message?p_l_id=&amp;messageId=5898577</id>
    <updated>2012-06-20T20:49:46Z</updated>
    <published>2012-06-20T20:49:46Z</published>
    <summary type="html">Hello Kingsley,

Thank you for your suggestion. I am not sure what to use for the outside users. But I was told that this setup is not supported and that I should post it here and someone will help. :-)

I did try your suggestion and I got prompted for a user and password, and got a SAML assertion error.

Is there documentation anywhere, or a suggestion, on what to try for the AuthnContextClassRefs on the WebEx site admin page?

Thank you,
Rahul</summary>
    <dc:creator>Rahul Patel</dc:creator>
    <dc:date>2012-06-20T20:49:46Z</dc:date>
  </entry>
  <entry>
    <title>RE: SSO with ADFS, forms login with ADSF Proxy</title>
    <link rel="alternate" href="http://developer.cisco.com/c/message_boards/find_message?p_l_id=&amp;messageId=5891195" />
    <author>
      <name>Kingsley Lewis</name>
    </author>
    <id>http://developer.cisco.com/c/message_boards/find_message?p_l_id=&amp;messageId=5891195</id>
    <updated>2012-06-19T16:09:02Z</updated>
    <published>2012-06-19T16:09:02Z</published>
    <summary type="html">Hi Rahul,

The most likely reason for this is that the AuthnContextClassRef coming from the outside users is different than the one from inside users.
To work around this problem, WebEx will allow you to set multiple AuthnContextClassRefs on the WebEx site admin page, separated by a semicolon. It would look something like this:

urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:Password

If you do not know what the value is for external users, I would try the above suggestion first. If it still fails, then you will need to contact technical support and provide the assertion ADFS is generating for an outside user.

Thank you
-Kingsley Lewis</summary>
    <dc:creator>Kingsley Lewis</dc:creator>
    <dc:date>2012-06-19T16:09:02Z</dc:date>
  </entry>
  <entry>
    <title>SSO with ADFS, forms login with ADSF Proxy</title>
    <link rel="alternate" href="http://developer.cisco.com/c/message_boards/find_message?p_l_id=&amp;messageId=5891170" />
    <author>
      <name>Rahul Patel</name>
    </author>
    <id>http://developer.cisco.com/c/message_boards/find_message?p_l_id=&amp;messageId=5891170</id>
    <updated>2012-06-19T16:03:22Z</updated>
    <published>2012-06-19T16:03:22Z</published>
    <summary type="html">Hello,
Followed the ADFS setup guide that was emailed to us, and we were able to get SSO and Auto Account Create to work when we are internal on our network. We set up an ADFS proxy server in the DMZ so that, when using your computer from home or using a mobile device, it would hit the ADFS proxy and prompt for a username and password. When we click on Host log in, it does prompt for a username and password, but when I type my username and password, I get a "User Authentication Failed":  Reason:  Invalid SAML Assertion (13).
 
Does anyone have this working in their environment? If there is anything you need from me to get this corrected, please let me know.
 
Thank you,
Rahul Patel</summary>
    <dc:creator>Rahul Patel</dc:creator>
    <dc:date>2012-06-19T16:03:22Z</dc:date>
  </entry>
</feed>

